Date: Tue, 10 Feb 2015 00:39:46 +0000
From: "ae (Andrey V. Elsukov)" <phabric-noreply@FreeBSD.org>
To: freebsd-net@freebsd.org
Subject: [Differential] [Changed Subscribers] D1815: Evaluate packet size after the firewall had its chance
Message-ID: <f58e188b0bfeba68196355fdd2e291b4@localhost.localdomain>
In-Reply-To: <differential-rev-PHID-DREV-xlnbupssscjsdzdcfhsp-req@FreeBSD.org>
References: <differential-rev-PHID-DREV-xlnbupssscjsdzdcfhsp-req@FreeBSD.org>

ae added a subscriber: ae.

ae added a comment.

Since you are in ip6_forward(), this means ip6_input() has already checked this packet and PFIL had a chance to handle this packet.
An IPv6 router should not reassemble fragmented packets and do new fragmentation of them, but if you want, I think your packet filter should track these fragments on input.
How did you test this patch?

REVISION DETAIL
  https://reviews.freebsd.org/D1815

To: kristof
Cc: ae, freebsd-net